On Wed, Aug 7, 2019 at 10:40 AM Theo de Raadt <dera...@openbsd.org> wrote:

> Wow, look -- more useless chatter on the topic.
>
> The bt stack we had was designed as "network code", and all sorts of
> complex layer violations and device hand-offs were very complicated and
> troublesome.
>
> The code was not deleted because bluetooth is shit.  The code was
> deleted *because it was shitty and unsuited to the purpose*
>
> And then no one stepped up to write new code.  THAT IS THE WHOLE STORY.
>
> People on misc often want some complicated conspiracy, and fail to
> understand it is ALWAYS that "someone has to write the code and maintain
> it", and if such a person doesn't exist then either (a) the code doesn't
> exist, or (b) the code sucks and people complain about it until (c) we
> delete it and then (d) people on misc try to invent fake history.
>
> Since no such person existed, (a) led to (c) and here we are at (d).
>
> I wish everyone would stop making uneducated guesses and trying to
> rewrite history that isn't STUDIED and understood.  In particular what
> bothers me is the LACK OF STUDY, but this is misc, STUDYING stuff is
> clearly too hard, and making uneducated guesses is the norm.
>

Might find following from "Axis of Easy #109" by Mark E. Jeftovic of
easyDNS:

Major bluetooth security flaw discovered.

Researchers at the Center for IT-Security, Privacy and Accountability
(CISPA) have discovered a major new vulnerability in the 20+ year-old
Bluetooth protocol.  The “Key Negotiation of Bluetooth”, aka “KNOB” attack
lets attackers, without any prior knowledge of details of either side of
the conversation, trick two endpoints in a Bluetooth handshake into using
an encryption key that can then be brute-forced (I think they do this by
tricking each side into using a 1-byte encryption key).

Of course, once the key is cracked the attacker has access to all
communications on the Bluetooth channel.

The Bluetooth spec is being upgraded to specify longer encryption keys, and
users are urged to remain current with all manufacturer updates.

Read:
https://www.forbes.com/sites/zakdoffman/2019/08/15/critical-new-bluetooth-security-issue-leaves-your-devices-and-data-open-to-attack/
And: https://knobattack.com/


And if your "manufacturer" has EOLed your product, you're SOOL.
--patrick



> John Brahy <j...@brahy.com> wrote:
>
> > Right, without reading the code and only reading this commit message
> > it's all conjecture.
> > I was just hoping to hear something more if someone was inclined to
> > share.
> >  inclined. The commit message seems like some sort of inside joke.
> >
> > Log message:
> > "It's not the years, honey; it's the mileage."
> >
> > bluetooth support doesn't work and isn't going anywhere. the current
> > design is a dead end, and should not be the basis for any future support.
> > general consensus says to whack it so as to not mislead the unwary.
> >
> > On Wed, Aug 7, 2019 at 10:06 AM Theo de Raadt <dera...@openbsd.org> wrote:
> >
> >  Bryan Wright <bryanwesleywri...@gmail.com> wrote:
> >
> >  > Are there technical/philosophical problems that make all versions of
> >  > Bluetooth incompatible with the project, or is it just a matter of
> >  > removing what is not being maintained?
> >
> >  I'm sure a bunch of you can come up with theories about what actually
> >  transpired, without reading any of the code that used to be here, or
> >  the commit messages.
> >
> >  Basically, feel free to keep making up stuff.
> >
>
>
